package com.leidy.study.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 自定义授权及安全策略
 * HttpSecurity http 里面 配置资源路径需要什么权限的拦截策略
 * <p>
 * 学习地址：<a href="https://www.bilibili.com/video/BV1e44y1y7FN/?spm_id_from=333.788.player.switch&vd_source=da312f6cc5d3db2706cf5c29997e74b3&p=5">...</a>
 *
 * @author leidy
 * @since 2025/7/27 下午6:21
 */
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/salary/**").hasAuthority("salary:query")
                .antMatchers("/user/**").permitAll()
                .anyRequest().authenticated();
    }
}
